<html>
<head><meta charset="utf-8"><title>Uninit data and DMA · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html">Uninit data and DMA</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="189349415"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189349415" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189349415">(Feb 28 2020 at 20:48)</a>:</h4>
<p>Is there a way to create a safe abstractions over DMA transactions without UB ? Let's say I have a [MaybeUninit&lt;u8&gt;; 1024 ] and tell the DMA to fill it, and I would wish to transform it in a &amp;[u8] after it's done, would it be UB to use slice::from_raw_parts ?</p>



<a name="189349446"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189349446" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189349446">(Feb 28 2020 at 20:48)</a>:</h4>
<p>How would I tell the compiler that the thing is in fact initialized, since it has no idea of a DMA peripheral ?<br>
Sorry if this isn't the right place for this</p>



<a name="189357819"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189357819" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189357819">(Feb 28 2020 at 22:33)</a>:</h4>
<p>So first of all you would need a fence or memory barrier to ensure the DMA is properly completed as seen by the CPU and compiler. After that sure, slice::from_raw_parts is fine. <code>MaybeUninit&lt;u8&gt;</code>is guaranteed to have the same layout as <code>u8</code>.</p>



<a name="189359744"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189359744" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189359744">(Feb 28 2020 at 23:00)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> You need to use <code>ptr::read_volatile</code> and <code>ptr::write_volatile</code> to access the DMA buffer. I would avoid creating a <code>&amp;[u8]</code>, since it's too easy to do a non-volatile read by mistake. Instead, you should define your own slice equivalent that uses volatile reads/writes for all operations.</p>



<a name="189359928"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189359928" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189359928">(Feb 28 2020 at 23:03)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> Why would I need volatile operations after the transaction has been completed ?</p>



<a name="189360183"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360183" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360183">(Feb 28 2020 at 23:06)</a>:</h4>
<p>Because optimizing compilers are free to omit and/or reorder reads and writes if the changes cannot be detected on the abstract machine.</p>



<a name="189360205"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360205" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360205">(Feb 28 2020 at 23:07)</a>:</h4>
<p>And the abstract machine has no idea that a DMA transaction is occurring behind the scenes.</p>



<a name="189360298"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360298" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360298">(Feb 28 2020 at 23:08)</a>:</h4>
<p>You don't need volatile once the action is complete. However, you also must not make the &amp;[T] before the action occurs of course.</p>



<a name="189360327"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360327" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360327">(Feb 28 2020 at 23:08)</a>:</h4>
<p>Yes, the compiler fence thing, I know</p>



<a name="189360386"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360386" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360386">(Feb 28 2020 at 23:10)</a>:</h4>
<p>I would suggest skipping the MaybeUninit part, if you can</p>



<a name="189360436"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360436" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360436">(Feb 28 2020 at 23:10)</a>:</h4>
<p>Just have a zeroed buffer</p>



<a name="189360498"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360498" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360498">(Feb 28 2020 at 23:11)</a>:</h4>
<p>That wouldn't make much sense, if I have to zeroed it I might just as well copy the thing myself</p>



<a name="189360517"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189360517" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189360517">(Feb 28 2020 at 23:11)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> is this UB ?<br>
<a href="https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=9139b07bc1015bfeb286e881602e98ea" target="_blank" title="https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=9139b07bc1015bfeb286e881602e98ea">https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=9139b07bc1015bfeb286e881602e98ea</a><br>
If it is, how is that different from the DMA case ?</p>



<a name="189361137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361137">(Feb 28 2020 at 23:21)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> the write volatile makes sense, in the sense of only working with raw pointers</p>



<a name="189361317"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361317" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361317">(Feb 28 2020 at 23:24)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span>  the OP still needs volatile operations. If they were to check the DMA flag in a loop, then emit an <code>mfence</code> or whatever, and only then create a slice pointing to memory that is uninitialized or zeroed or whatever, the compiler is still free to const-propagate across the memory barrier.</p>



<a name="189361505"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361505" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361505">(Feb 28 2020 at 23:26)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> well if miri says it's fine i guess it's fine. But it sure looks to me like that code makes a reference into uninit memory</p>



<a name="189361637"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361637" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361637">(Feb 28 2020 at 23:27)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> <span class="user-mention" data-user-id="267734">@Thales Fragoso</span> miri is not normative. miri has false negatives ATM.</p>



<a name="189361647"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361647" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361647">(Feb 28 2020 at 23:27)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span>  It sure does, but it will be the same thing with DMA, i.e. the physical memory would actually be initialized, but the compiler would have no idea about that</p>



<a name="189361745"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361745" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361745">(Feb 28 2020 at 23:28)</a>:</h4>
<p>and that code is UB</p>



<a name="189361817"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361817" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361817">(Feb 28 2020 at 23:29)</a>:</h4>
<p>although I don't think we've committed to whether <code>mem::uninitialized::&lt;u8&gt;()</code> will always be UB</p>



<a name="189361833"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361833" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361833">(Feb 28 2020 at 23:29)</a>:</h4>
<p>Yes, I thought so, I will wrap the the buffer and only allow access through volatile operations and raw pointers</p>



<a name="189361897"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189361897" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189361897">(Feb 28 2020 at 23:30)</a>:</h4>
<p>Then it would be okay, right ?</p>



<a name="189362037"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362037" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362037">(Feb 28 2020 at 23:32)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> Yes. I might ask the embedded rust discord if there are preexisting libraries for wrapping  a DMA buffer.</p>



<a name="189362049"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362049" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362049">(Feb 28 2020 at 23:32)</a>:</h4>
<p>Hmm, this form of DMA is nothing like the operation I was expecting, honestly.</p>



<a name="189362090"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362090" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362090">(Feb 28 2020 at 23:33)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> heh, I came from there, there isn't any as far as a know dealing with uninitialized</p>



<a name="189362116"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362116" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362116">(Feb 28 2020 at 23:33)</a>:</h4>
<p>There is actually one PR that does the &amp;[u8] thing, that's why I was questioning myself about this</p>



<a name="189362122"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362122" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362122">(Feb 28 2020 at 23:33)</a>:</h4>
<p>I will comment on the thread about this</p>



<a name="189362196"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362196" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362196">(Feb 28 2020 at 23:34)</a>:</h4>
<p>How are you calling the DMA anyway?</p>



<a name="189362207"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362207" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362207">(Feb 28 2020 at 23:34)</a>:</h4>
<p>Memory Mapped IO</p>



<a name="189362221"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362221" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362221">(Feb 28 2020 at 23:35)</a>:</h4>
<p>Just write to a bit on a specific memory location</p>



<a name="189362249"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362249" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362249">(Feb 28 2020 at 23:35)</a>:</h4>
<p>And you can check another bit to see if it's done, or activate an interrupt</p>



<a name="189362486"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362486" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362486">(Feb 28 2020 at 23:38)</a>:</h4>
<p>none of the existing DMA code I've seen in the wild uses volatile</p>



<a name="189362509"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362509" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362509">(Feb 28 2020 at 23:38)</a>:</h4>
<p>Isn't there a freeze type method to say to the compiler that I don't care that it's just random bits, just read it and don't throw it away ?</p>



<a name="189362546"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362546" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362546">(Feb 28 2020 at 23:39)</a>:</h4>
<p>I believe LLVM has something like that, but Rust doesn't expose it atm</p>



<a name="189362565"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362565" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362565">(Feb 28 2020 at 23:39)</a>:</h4>
<p><span class="user-mention" data-user-id="211727">@Jonas Schievink</span> this is true, I wonder if we are swinging in UB<br>
Edit: regarding the volatile</p>



<a name="189362566"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362566" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362566">(Feb 28 2020 at 23:39)</a>:</h4>
<p>LLVM just barely added it</p>



<a name="189362639"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362639" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362639">(Feb 28 2020 at 23:40)</a>:</h4>
<p>our version of LLVM doesn't have it i think</p>



<a name="189362703"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362703" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362703">(Feb 28 2020 at 23:41)</a>:</h4>
<p><span class="user-mention" data-user-id="211727">@Jonas Schievink</span> what do they use? Maybe my reading of <code>compiler_fence</code> is too conservative? Does it forbid omitting reads as well as reordering like <code>asm volatile("" ::: "memory");</code> would in C?</p>



<a name="189362709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362709">(Feb 28 2020 at 23:41)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> so you write a pointer to X register, write a value to Y register to copy N bytes, and then read Z until it's done?</p>



<a name="189362767"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362767" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362767">(Feb 28 2020 at 23:42)</a>:</h4>
<p>Yep</p>



<a name="189362775"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362775" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362775">(Feb 28 2020 at 23:42)</a>:</h4>
<p>Pretty much</p>



<a name="189362802"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362802" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362802">(Feb 28 2020 at 23:43)</a>:</h4>
<p>All volatile operations on MMIO, of course</p>



<a name="189362868"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362868" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362868">(Feb 28 2020 at 23:44)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> DMA code usually just uses a compiler fence and maybe an <code>UnsafeCell</code> around the buffer or its elements</p>



<a name="189362892"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362892" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362892">(Feb 28 2020 at 23:44)</a>:</h4>
<p>Yeah okay that's basically what I expected now that you put it that way</p>



<a name="189362916"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362916" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362916">(Feb 28 2020 at 23:45)</a>:</h4>
<p><span class="user-mention" data-user-id="211727">@Jonas Schievink</span> which implementation uses <code>UnsafeCell</code> ?</p>



<a name="189362934"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362934" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362934">(Feb 28 2020 at 23:45)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> The one in stm32-usbd uses <code>VolatileCell</code> <a href="https://github.com/stm32-rs/stm32-usbd/blob/master/src/endpoint_memory.rs" target="_blank" title="https://github.com/stm32-rs/stm32-usbd/blob/master/src/endpoint_memory.rs">https://github.com/stm32-rs/stm32-usbd/blob/master/src/endpoint_memory.rs</a></p>



<a name="189362938"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189362938" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189362938">(Feb 28 2020 at 23:45)</a>:</h4>
<p>Then accessing the buffer shouldn't need volatile</p>



<a name="189363015"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363015" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363015">(Feb 28 2020 at 23:46)</a>:</h4>
<p>just the fence after the DMA completes, and then it's all normal memory after that</p>



<a name="189363021"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363021" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363021">(Feb 28 2020 at 23:46)</a>:</h4>
<p>That specific one should be fine I guess</p>



<a name="189363044"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363044" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363044">(Feb 28 2020 at 23:47)</a>:</h4>
<p>The <code>&amp;'static mut</code> worries me a little, does that still allow an <code>UnsafeCell</code> to change behind the compiler's back?</p>



<a name="189363051"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363051" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363051">(Feb 28 2020 at 23:47)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> how if the compiler decides to not read the thing after the compiler fence since it thinks it's all zeros ?</p>



<a name="189363063"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363063" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363063">(Feb 28 2020 at 23:47)</a>:</h4>
<p>Does compiler fence prevent that ?</p>



<a name="189363144"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363144" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363144">(Feb 28 2020 at 23:49)</a>:</h4>
<p>I'd <em>really</em> expect a function that's documented to "restrict the kinds of memory re-ordering the compiler is allowed to do" to also affect const prop though</p>



<a name="189363155"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363155" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363155">(Feb 28 2020 at 23:49)</a>:</h4>
<p><span class="user-mention" data-user-id="211727">@Jonas Schievink</span> Oh, yes the USB one, it's not really using the DMA peripheral but it's the same principle</p>



<a name="189363172"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363172" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363172">(Feb 28 2020 at 23:49)</a>:</h4>
<p>Doesn't the USB peripheral have built-in DMA or something?</p>



<a name="189363236"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363236" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363236">(Feb 28 2020 at 23:50)</a>:</h4>
<p>(Currently bringing up USB on the nRF52840, so all of this is pretty relevant)</p>



<a name="189363237"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363237" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363237">(Feb 28 2020 at 23:50)</a>:</h4>
<p>In the stm case it has an arbiter which moderates the accesses of the USB peripheral and the core</p>



<a name="189363255"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363255" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363255">(Feb 28 2020 at 23:51)</a>:</h4>
<p>The USB memory is in another place, reserved to it</p>



<a name="189363269"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363269" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363269">(Feb 28 2020 at 23:51)</a>:</h4>
<p>Right, but mapped to the CPU bus. So effectively this is just DMA with a slightly weirder memory setup.</p>



<a name="189363334"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363334" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363334">(Feb 28 2020 at 23:52)</a>:</h4>
<p>Effectively, yes, the USB peripheral does the writing to the memory</p>



<a name="189363446"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363446" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363446">(Feb 28 2020 at 23:54)</a>:</h4>
<p><span class="user-mention" data-user-id="211727">@Jonas Schievink</span> all of this is because I'm trying to do USB with uninit buffers, but the end_point trait expects a <code>&amp;mut [u8]</code> to write to it</p>



<a name="189363497"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363497" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363497">(Feb 28 2020 at 23:55)</a>:</h4>
<p>And I was worrying about creating a slice to a uninit thing, quite a show stopper</p>



<a name="189363561"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363561" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363561">(Feb 28 2020 at 23:56)</a>:</h4>
<p>Just wished uninitialized <code>u8</code> was fine</p>



<a name="189363581"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363581" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363581">(Feb 28 2020 at 23:57)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> Since you've already been to the discord channel, you've probably already read <a href="https://docs.rust-embedded.org/embedonomicon/dma.html#compiler-misoptimizations" target="_blank" title="https://docs.rust-embedded.org/embedonomicon/dma.html#compiler-misoptimizations">the book</a>. They seem to be very careful to do only volatile writes in addition to the memory barriers.</p>



<a name="189363665"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363665" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363665">(Feb 28 2020 at 23:59)</a>:</h4>
<p>I read it some time ago, but don't they just hand the &amp;[u8] back to the user afterwards ?</p>



<a name="189363675"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363675" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363675">(Feb 28 2020 at 23:59)</a>:</h4>
<p>Then the user is free do read/write to it the way they want</p>



<a name="189363733"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363733" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363733">(Feb 29 2020 at 00:00)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> you escaped a pointer to a buffer to the wild world and then did a memory fence, it can't assume the buffer is still anything</p>



<a name="189363754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363754">(Feb 29 2020 at 00:00)</a>:</h4>
<p>Ah, I thought they were copying it out.</p>



<a name="189363810"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363810" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363810">(Feb 29 2020 at 00:01)</a>:</h4>
<p>Copy is no good, heh, that's why they are using DMA in the first place</p>



<a name="189363890"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363890" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363890">(Feb 29 2020 at 00:02)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> that seems plausible, apart from the outside world part, to rust it's just another address on memory</p>



<a name="189363906"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363906" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363906">(Feb 29 2020 at 00:02)</a>:</h4>
<p>Well if <code>compiler_fence</code> also declares "arbitrary-side effects may have occurred" then it's fine to just create a <code>&amp;[u8]</code>. I've not read anything that explicitly states this, but it seems like it's maybe implicit/obvious?</p>



<a name="189363920"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363920" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363920">(Feb 29 2020 at 00:02)</a>:</h4>
<p>Not to me obviously.</p>



<a name="189363922"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363922" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363922">(Feb 29 2020 at 00:02)</a>:</h4>
<p>There has to be some way we can give a <code>&amp;[u8]</code> back to the user though, otherwise DMA would become a total nuisance in all APIs</p>



<a name="189363976"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363976" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363976">(Feb 29 2020 at 00:03)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> I really don't like "implicit" things</p>



<a name="189363987"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189363987" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189363987">(Feb 29 2020 at 00:03)</a>:</h4>
<p>Nor do I.</p>



<a name="189364052"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364052" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364052">(Feb 29 2020 at 00:04)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> volatile means "special spooky actions happen here, you must do it exactly as often as i say"</p>



<a name="189364098"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364098" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364098">(Feb 29 2020 at 00:05)</a>:</h4>
<p>That's the thing, if we give &amp;[u8] back to the user they sure won't be using volatile_read</p>



<a name="189364177"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364177" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364177">(Feb 29 2020 at 00:06)</a>:</h4>
<p>Volatile is still greatly restricted in what those special things can do, it isn't total chaos, but it's allowed to do side effects the compiler doesn't see</p>



<a name="189364188"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364188" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364188">(Feb 29 2020 at 00:06)</a>:</h4>
<p>that's the whole point of the attribute</p>



<a name="189364202"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364202" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364202">(Feb 29 2020 at 00:06)</a>:</h4>
<p>You can't have a <code>&amp;[u8]</code> because the compiler assumes no aliasing. This is false since DMA has a reference to the buffer.</p>



<a name="189364229"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364229" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364229">(Feb 29 2020 at 00:07)</a>:</h4>
<p>Basically you need to construct the slice after the DMA has complete and you have issued your fence.</p>



<a name="189364231"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364231" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364231">(Feb 29 2020 at 00:07)</a>:</h4>
<p>The <code>&amp;[u8]</code> would of course only exist when DMA is not running</p>



<a name="189364240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364240">(Feb 29 2020 at 00:07)</a>:</h4>
<p>Then no problem.</p>



<a name="189364243"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364243" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364243">(Feb 29 2020 at 00:07)</a>:</h4>
<p>Yeah, that's what I'm thinking</p>



<a name="189364259"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364259" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364259">(Feb 29 2020 at 00:07)</a>:</h4>
<p>But it's not constructed, it's given back</p>



<a name="189364265"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364265" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364265">(Feb 29 2020 at 00:08)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> FWIW the docs of <code>compiler_fence</code> pretty clearly say "with Acquire, subsequent reads and writes cannot be moved ahead of preceding reads" and that's essentially the fundamental guarantee we need</p>



<a name="189364336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364336">(Feb 29 2020 at 00:08)</a>:</h4>
<p>But it doesn't say it can't be omitted</p>



<a name="189364378"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364378" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364378">(Feb 29 2020 at 00:09)</a>:</h4>
<p>Ugh, is that really going to be an issue?</p>



<a name="189364467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364467">(Feb 29 2020 at 00:10)</a>:</h4>
<p>Let's say we have a zeroed buffer, the compiler knows it's zeroed, then we DMA into the buffer, and after the whole thing is complete we ask it for buffer[0]</p>



<a name="189364501"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364501" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364501">(Feb 29 2020 at 00:10)</a>:</h4>
<p>The compiler is sure that this would return zero, what would it do the read?</p>



<a name="189364510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364510">(Feb 29 2020 at 00:10)</a>:</h4>
<p>Yeah...</p>



<a name="189364513"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364513" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364513">(Feb 29 2020 at 00:11)</a>:</h4>
<p>I meant to be joking when I said "another week another soundness issue" last week, but it looks like this is really going to continue indefinitely</p>



<a name="189364643"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364643" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364643">(Feb 29 2020 at 00:13)</a>:</h4>
<p>We should create a <code>DmaSlice</code> type and spread it over the ecosystem</p>



<a name="189364678"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364678" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364678">(Feb 29 2020 at 00:13)</a>:</h4>
<p>Is there a <code>volatile_copy_nonoverlapping</code> operation ? Heh</p>



<a name="189364733"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364733" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364733">(Feb 29 2020 at 00:14)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> <a href="https://llvm.org/docs/LangRef.html#memory-model-for-concurrent-operations" target="_blank" title="https://llvm.org/docs/LangRef.html#memory-model-for-concurrent-operations">This is the relevant section of the LLVM refererence</a>, which defines the semantics of happens-before.</p>



<a name="189364745"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364745" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364745">(Feb 29 2020 at 00:14)</a>:</h4>
<p>This will probably poison all APIs that transitively call DMA functions, and greatly affect performance too</p>



<a name="189364758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364758">(Feb 29 2020 at 00:15)</a>:</h4>
<p>Well, unless it's read-only DMA</p>



<a name="189364766"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364766" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364766">(Feb 29 2020 at 00:15)</a>:</h4>
<blockquote>
<p>Given that definition, Rbyte is defined as follows:</p>
<p>If R is volatile, the result is target-dependent. (Volatile is supposed to give guarantees which can support sig_atomic_t in C/C++, and may be used for accesses to addresses that do not behave like normal memory. It does not generally provide cross-thread synchronization.)</p>
<p>Otherwise, if there is no write to the same byte that happens before Rbyte, Rbyte returns undef for that byte.</p>
</blockquote>



<a name="189364835"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364835" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364835">(Feb 29 2020 at 00:16)</a>:</h4>
<p>where <code>R</code> is defined as :</p>
<blockquote>
<p>Every (defined) read operation (load instructions, memcpy, atomic loads/read-modify-writes, etc.) R reads a series of bytes written by (defined) write operations (store instructions, atomic stores/read-modify-writes, memcpy, etc.). For the purposes of this section, initialized globals are considered to have a write of the initializer which is atomic and happens before any other read or write of the memory in question. For each byte of a read R, Rbyte may see any write to the same byte, except:</p>
</blockquote>



<a name="189364855"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189364855" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189364855">(Feb 29 2020 at 00:17)</a>:</h4>
<p>Just have old and crappy DMA that doesn't run as a co-processing unit, like me ;3</p>



<a name="189365063"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365063" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365063">(Feb 29 2020 at 00:20)</a>:</h4>
<p>Sure, you need a volatile write to initiate DMA and to read the DMA-complete flag. But apart from that you just need to insert a fence to establish that the write by the DMA engine happens before you reading the result of the DMA.</p>



<a name="189365104"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365104" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365104">(Feb 29 2020 at 00:21)</a>:</h4>
<p>You can think of the DMA engine as a separate thread. It uses a store-release on the DMA-complete flag and you use a load-acquire to read it. Then you are free to read the DMA results normally</p>



<a name="189365154"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365154" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365154">(Feb 29 2020 at 00:22)</a>:</h4>
<p>Okay, sounds like I'll punt on rewriting half the ecosystem until the UCG WG agrees on this :)</p>



<a name="189365178"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365178" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365178">(Feb 29 2020 at 00:23)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> Won't the compiler be allowed to omit a read to the dma Buffer if it thinks it didn't change ?</p>



<a name="189365187"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365187" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365187">(Feb 29 2020 at 00:23)</a>:</h4>
<p>Well Amanieu and I have made basically the same case here</p>



<a name="189365188"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365188" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365188">(Feb 29 2020 at 00:23)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> but where's the "write" to memory backing the DMA buffer? Won't any non-volatile read be<code>undef</code> since there's no observable write within that thread?</p>



<a name="189365271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365271">(Feb 29 2020 at 00:24)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> The write is done by the DMA engine. You have to stretch the definition of a parallel thread of execution to include the DMA engine.</p>



<a name="189365285"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365285" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365285">(Feb 29 2020 at 00:25)</a>:</h4>
<p>I'll put that under "there are platform-specific ways to create them, and we define LLVM IR’s behavior in their presence"</p>



<a name="189365287"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365287" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365287">(Feb 29 2020 at 00:25)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> , there's no write anywhere in any part of the rust abstraction machine</p>



<a name="189365382"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365382" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365382">(Feb 29 2020 at 00:26)</a>:</h4>
<p>It does sound like the compiler would have to <em>prove absence</em> of such writes before it can const prop though, which is not really possible once the buffer address has been written to a register with a volatile_write, right?</p>



<a name="189365402"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365402" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365402">(Feb 29 2020 at 00:27)</a>:</h4>
<p>Does it even know what a DMA is ?</p>



<a name="189365425"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365425" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365425">(Feb 29 2020 at 00:27)</a>:</h4>
<p>It doesn't need to, it is just treated as FFI.</p>



<a name="189365523"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365523" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365523">(Feb 29 2020 at 00:29)</a>:</h4>
<p>Does it really ?</p>



<a name="189365529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365529">(Feb 29 2020 at 00:29)</a>:</h4>
<p>Yes.</p>



<a name="189365534"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365534" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365534">(Feb 29 2020 at 00:29)</a>:</h4>
<p>FWIW we also model interrupt handlers as threads, and that model seems to fit them perfectly</p>



<a name="189365656"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365656" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365656">(Feb 29 2020 at 00:30)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> So if a write the address of a &amp;[MaybeUninit&lt;u8&gt;] to a random location with volatile_write can I take a &amp;[u8] to it afterwards without UB ?</p>



<a name="189365732"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365732" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365732">(Feb 29 2020 at 00:32)</a>:</h4>
<p>If it treats it like a FFI it won't assume that isn't uninit and throw it away, right ?</p>



<a name="189365735"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365735" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365735">(Feb 29 2020 at 00:32)</a>:</h4>
<p>You need a fence. Otherwise the compiler will assume the contents haven't changed and are still uninitialized.</p>



<a name="189365746"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365746" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365746">(Feb 29 2020 at 00:32)</a>:</h4>
<p>Yeah yeah, with a fence too</p>



<a name="189365770"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365770" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365770">(Feb 29 2020 at 00:33)</a>:</h4>
<p>Then, would it be okay (no UB) even without no DMA present ?</p>



<a name="189365846"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365846" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365846">(Feb 29 2020 at 00:34)</a>:</h4>
<p>Well technically you still need someone at the other end to actually initialize the memory for it to be valid.</p>



<a name="189365857"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365857" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365857">(Feb 29 2020 at 00:34)</a>:</h4>
<p>Everything is valid for an u8 no ?</p>



<a name="189365869"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365869" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365869">(Feb 29 2020 at 00:34)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> To clarify, you're saying that after a <code>fence</code> instruction, the compiler must assume that <em>all</em> memory may have been written from another thread of execution and thus is no longer <code>undef</code>?</p>



<a name="189365885"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365885" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365885">(Feb 29 2020 at 00:34)</a>:</h4>
<p>Or just heap memory?</p>



<a name="189365913"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365913" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365913">(Feb 29 2020 at 00:35)</a>:</h4>
<p>Anything whose address may be visible to other threads of execution.</p>



<a name="189365921"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365921" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365921">(Feb 29 2020 at 00:35)</a>:</h4>
<p>Or just memory whose address is published?</p>



<a name="189365928"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365928" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365928">(Feb 29 2020 at 00:35)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> I think he is also saying that the address would have to be written somewhere with a volatile to emulate a ffi</p>



<a name="189365931"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365931" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365931">(Feb 29 2020 at 00:35)</a>:</h4>
<p>Yes, that.</p>



<a name="189365948"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189365948" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189365948">(Feb 29 2020 at 00:36)</a>:</h4>
<p>Ah, okay. How do I know when an address is published?</p>



<a name="189366022"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366022" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366022">(Feb 29 2020 at 00:36)</a>:</h4>
<p>(I'd love to continue this discussion but it's getting late)</p>



<a name="189366026"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366026" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366026">(Feb 29 2020 at 00:36)</a>:</h4>
<p>some sort of escape analysis perhaps?</p>



<a name="189366046"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366046" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366046">(Feb 29 2020 at 00:37)</a>:</h4>
<p>That would fix my initial problem at least...</p>



<a name="189366048"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366048" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366048">(Feb 29 2020 at 00:37)</a>:</h4>
<p><span class="user-mention" data-user-id="143274">@Amanieu</span> np, I'll check the LLVM docs</p>



<a name="189366970"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366970" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366970">(Feb 29 2020 at 00:54)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> So the term I was looking for is "pointer capture". When you take the address of your DMA buffer and write it to the MMIO register used to initiate DMA transfer, that pointer becomes captured and the buffer escapes the current thread of execution. Since you have a single-threaded fence after the you write the address, the compiler cannot reorder any subsequent reads of the buffer before the point at which the pointer was captured, and it can no longer assume that their value (whether <code>0</code> or <code>undef</code>) is known.</p>



<a name="189366977"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189366977" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189366977">(Feb 29 2020 at 00:54)</a>:</h4>
<p><span class="user-mention" data-user-id="118594">@ecstatic-morse</span> when you volatile write the address to a location outside of any location LLVM is using, you've published it</p>



<a name="189367010"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367010" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367010">(Feb 29 2020 at 00:55)</a>:</h4>
<p>oh zullip didn't update at first, you already got it</p>



<a name="189367251"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367251" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367251">(Feb 29 2020 at 01:00)</a>:</h4>
<p>Thanks all! I learned things today.</p>



<a name="189367302"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367302" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367302">(Feb 29 2020 at 01:01)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span>  what random memory can I write to emulate this ? Would it have to be out of ram ?</p>



<a name="189367502"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367502" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367502">(Feb 29 2020 at 01:05)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> (writing it to) any non-stack address that you didn't get from <code>malloc</code> should cause the pointer to be marked as captured. Capture tracking is itself not precise, so it's not possible to say precisely what locations won't cause a pointer to become captured when they are written to.</p>



<a name="189367509"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367509" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367509">(Feb 29 2020 at 01:05)</a>:</h4>
<p><a href="https://llvm.org/doxygen/CaptureTracking_8cpp_source.html" target="_blank" title="https://llvm.org/doxygen/CaptureTracking_8cpp_source.html">https://llvm.org/doxygen/CaptureTracking_8cpp_source.html</a></p>



<a name="189367523"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367523" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367523">(Feb 29 2020 at 01:05)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span>   You can't just write to random memory XD that's also not allowed</p>



<a name="189367556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Dylan MacKenzie (ecstatic-morse) <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367556">(Feb 29 2020 at 01:06)</a>:</h4>
<p>(is what I'm reading ATM)</p>



<a name="189367670"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367670" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367670">(Feb 29 2020 at 01:08)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> well, not random, but precisely chosen to not cause side effects</p>



<a name="189367692"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367692" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367692">(Feb 29 2020 at 01:09)</a>:</h4>
<p>the semantics of volatile are not only specific to a general build target, they're specific to the device. on any device with an OS and a memory management unit, you'll run afoul of the MMU</p>



<a name="189367703"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367703" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367703">(Feb 29 2020 at 01:09)</a>:</h4>
<p>Good thing I don't have a MMU heh</p>



<a name="189367711"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367711" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367711">(Feb 29 2020 at 01:09)</a>:</h4>
<p>;3</p>



<a name="189367766"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189367766" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189367766">(Feb 29 2020 at 01:10)</a>:</h4>
<p>"consult your datasheets"</p>



<a name="189368268"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189368268" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189368268">(Feb 29 2020 at 01:22)</a>:</h4>
<p>Thanks all</p>



<a name="189382705"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189382705" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189382705">(Feb 29 2020 at 08:53)</a>:</h4>
<p><span class="user-mention silent" data-user-id="224471">Lokathor</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189361505" title="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189361505">said</a>:</p>
<blockquote>
<p><span class="user-mention silent" data-user-id="267734">Thales Fragoso</span> well if miri says it's fine i guess it's fine. But it sure looks to me like that code makes a reference into uninit memory</p>
</blockquote>
<p>Miri doesnt catch <em>all</em> UB, just a lot of it. Also see <a href="https://github.com/rust-lang/miri/" target="_blank" title="https://github.com/rust-lang/miri/">the README</a>. And also to make it possible to run Miri on more code, Miri currently does not complain about uninitialized integers, or references to uninitialized data.</p>



<a name="189382817"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189382817" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189382817">(Feb 29 2020 at 08:57)</a>:</h4>
<p><span class="user-mention silent" data-user-id="267734">Thales Fragoso</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189365857" title="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189365857">said</a>:</p>
<blockquote>
<p>Everything is valid for an u8 no ?</p>
</blockquote>
<p>uninitialized memory isn't (maybe -- see <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/71" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/71">https://github.com/rust-lang/unsafe-code-guidelines/issues/71</a>)</p>



<a name="189382862"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189382862" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189382862">(Feb 29 2020 at 08:58)</a>:</h4>
<p>also while "captured/escaped pointers" etc are important notions in the compiler, they are not part of the spec, so one has to be very careful when using them to reason about absence of UB...</p>



<a name="189391499"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189391499" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189391499">(Feb 29 2020 at 14:03)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> But won't pointer espace "trick" the compiler into thinking that this is fact initialized ?</p>



<a name="189391541"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189391541" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189391541">(Feb 29 2020 at 14:04)</a>:</h4>
<p>If we can't trust that then we will need to change the entire API for DMA in embedded, and that will bring a lot of overhead and hard to use apis</p>



<a name="189394630"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189394630" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189394630">(Feb 29 2020 at 15:42)</a>:</h4>
<p>The point is that it's precarious to reason about soundness by thinking of specific code transformations that may "break your code" and how those transformations may be blocked by throwing wrenches into (your mental model of) the compiler's internal reasoning. That does not necessarily mean that any particular conclusion you get that way is wrong, just that it's easier to get wrong conclusions.</p>



<a name="189395261"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189395261" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189395261">(Feb 29 2020 at 16:03)</a>:</h4>
<p>I understand that this is a fragile reasoning, but I don't see any other way to do DMA in a sensible way, especially mem-to-mem DMA</p>



<a name="189395342"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189395342" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189395342">(Feb 29 2020 at 16:05)</a>:</h4>
<p>It doesn't make sense to do mem-to-mem DMA without uninitialized data that the compiler has no way to know that it was in fact initialized</p>



<a name="189395392"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189395392" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189395392">(Feb 29 2020 at 16:06)</a>:</h4>
<p>If the CPU has to initialize the data why use DMA then ?</p>



<a name="189396177"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396177" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396177">(Feb 29 2020 at 16:32)</a>:</h4>
<p>Well, just as an example, ASM doesn't care at all, so you can do DMA by having a C FFI call that actually links to an assembly block that does the copy and returns with the buffer filled and LLVM literally can't tell that it was DMA or CPU.</p>



<a name="189396299"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396299" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396299">(Feb 29 2020 at 16:36)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> that's why I think pointer escape is sufficient in this case, the mechanism that makes LLVM drop all assumptions about something that got passed to FFI is pointer escape/capture, or am I wrong ?</p>



<a name="189396315"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396315" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396315">(Feb 29 2020 at 16:37)</a>:</h4>
<p>The DMA engine <em>is</em> another thread from LLVM's point of view. So what you are doing is just standard inter-thread communication.</p>



<a name="189396326"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396326" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396326">(Feb 29 2020 at 16:37)</a>:</h4>
<p>you are correct Thales</p>



<a name="189396588"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396588" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396588">(Feb 29 2020 at 16:45)</a>:</h4>
<p><span class="user-mention" data-user-id="267734">@Thales Fragoso</span> Note the difference between "makes LLVM drop all assumptions" (which btw is arguably wrong as stated) and casting the DMA transfer as a kind of multi-threaded communication. Both ways end at "this code should be fine", but the latter rests on specifications giving actual guarantee about how <em>any</em> implementation will behave, regardless of how clever or exotic it is. You don't even <em>need</em> the precarious reasoning to get your goal.</p>



<a name="189396818"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189396818" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189396818">(Feb 29 2020 at 16:53)</a>:</h4>
<p>I agree that some semantics I used were very brittle, but that doesn't change the fact that there is no need for an actual DMA transfer to happen to make the code UB-free</p>



<a name="189397078"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397078" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397078">(Feb 29 2020 at 17:00)</a>:</h4>
<p>Uhm, yes? I don't think we ever stated that you needed to literally do a DMA to freeze the memory. There's a few ways you can just freeze memory if that's the goal.</p>



<a name="189397144"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397144" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397144">(Feb 29 2020 at 17:03)</a>:</h4>
<p><span class="user-mention" data-user-id="224471">@Lokathor</span> yes, the DMA transfer was the initial goal, but freezing memory is also useful in other contexts, are there other ways to do it without FFI ?</p>



<a name="189397204"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397204" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397204">(Feb 29 2020 at 17:05)</a>:</h4>
<p>Not really, the basic idea is always some form of "let code outside of LLVM's view edit the memory and LLVM won't know what happened, so if nothing actually happened then the memory is just plain frozen."</p>
<p>Some day LLVM will have a full intrinsic for it, but I think that is currently just in development (last I heard).</p>



<a name="189397254"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397254" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397254">(Feb 29 2020 at 17:07)</a>:</h4>
<p>Thanks for all the explanations</p>



<a name="189397292"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397292" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397292">(Feb 29 2020 at 17:08)</a>:</h4>
<p>And as I'm sure Ralf would want me to say: any current way to freeze memory is unspecified and just "happens to work that way" status.</p>



<a name="189397497"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397497" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397497">(Feb 29 2020 at 17:15)</a>:</h4>
<p>Is there a portable way of doing this ? without the need to link in a C or asm routine that just returns ?</p>



<a name="189397608"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397608" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397608">(Feb 29 2020 at 17:18)</a>:</h4>
<p>Note that "freezing memory without writing it" is brittle for reasons beyond just compiler behavior / lack of specification. See e.g. <a href="https://github.com/rust-lang/rust/pull/58363#issuecomment-512119241" target="_blank" title="https://github.com/rust-lang/rust/pull/58363#issuecomment-512119241">https://github.com/rust-lang/rust/pull/58363#issuecomment-512119241</a></p>



<a name="189397740"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189397740" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189397740">(Feb 29 2020 at 17:22)</a>:</h4>
<p><span class="user-mention" data-user-id="124289">@Hanna Kruppe</span> thanks for the link, it's good information to keep in mind, but it doesn't concern me in this case, since I don't have an OS or even a heap</p>



<a name="189398120"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189398120" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189398120">(Feb 29 2020 at 17:35)</a>:</h4>
<p>And I sure won't depend on any "freezed" value to make sense before I write to it, I just need it to not be UB</p>



<a name="189400043"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189400043" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189400043">(Feb 29 2020 at 18:30)</a>:</h4>
<p>Remember that there are platforms where uninitialized memory is tracked at the hardware level. You need to <em>actually write</em> to the memory, otherwise it's still uninitialized.</p>



<a name="189400111"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189400111" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189400111">(Feb 29 2020 at 18:31)</a>:</h4>
<p>One surprising example is Linux: if you use <code>madvise(MADV_FREE)</code> (which jemalloc does), then it's telling the OS that if nobody has written to the page since that syscall, it can be reclaimed and replaced with a zero page. This can happen at <em>any time</em> unless you actually write to the memory.</p>



<a name="189400242"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/189400242" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#189400242">(Feb 29 2020 at 18:35)</a>:</h4>
<p><span class="user-mention silent" data-user-id="267734">Thales Fragoso</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189396818" title="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/189396818">said</a>:</p>
<blockquote>
<p>I agree that some semantics I used were very brittle, but that doesn't change the fact that there is no need for an actual DMA transfer to happen to make the code UB-free</p>
</blockquote>
<p>that's exactly the point -- this is wrong. unless you are doing something for which the spec says that it freezes memory (which so far isnt possible), then the code <em>does</em> have UB unless something actually initialized that memory (that something can be another device via DMA, sure).<br>
This is the kind of UB that cannot bite you unless the compiler can somehow prove that no DMA is going to happen, but it's still UB.<br>
the fact that "pointers were escaped" doesn't change this -- the spec doesnt have any clause that says "if the pointer escaped it's not UB".</p>
<p>I admit that this might sound like academic nitpicking, but I do think it is important which part of the reasoning here is based on the "source of truth" (the spec, which is ideally written without even mentioning a compiler) and which part is based on looking at how current compilers <em>happen to</em> implement the spec.  The latter <em>can</em> lead to correct results, but it can also be very misleading.<br>
In this case though it looks like things work out the same either way, so that's good :)</p>



<a name="190059360"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190059360" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190059360">(Mar 09 2020 at 11:21)</a>:</h4>
<p>There was a question regarding pointer capture/escape on the rust-embedded chat, I wasn't sure of the answer so I will ask here.</p>
<p>The setup is a SPI peripheral reading data of a buffer through DMA. There is a setup stage where the pointer to the buffer gets written to the DMA registers (escaped) and after that a compiler fence. </p>
<p>After that there will be some computations and writing to this buffer in an interrupt handler and using a compiler fence before asserting the DMA transfer, the buffer never gets read anywhere in the code.</p>
<p>The question is, the pointer only escapes in the beginning of the program, would this be enough to prevent any writes to the buffer of being omitted throughout the rest of the program or there is a need for <code>write_volatile</code> ? </p>
<p>There is no concern with reordering apart from the very specific places that will have compiler fences</p>



<a name="190062094"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190062094" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190062094">(Mar 09 2020 at 12:10)</a>:</h4>
<blockquote>
<p>There is a setup stage where the pointer to the buffer gets written to the DMA registers (escaped) and after that a compiler fence. </p>
</blockquote>
<p>is that a <code>write_volatile</code>?</p>



<a name="190062191"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190062191" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190062191">(Mar 09 2020 at 12:12)</a>:</h4>
<p>Yes, all MMIO interactions use write/read volatile by design</p>



<a name="190062268"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190062268" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190062268">(Mar 09 2020 at 12:13)</a>:</h4>
<p>The important part of the question is that the setup only occurs once in the beginning, but the buffer will be written (but never read) over and over throughout the course of the program</p>



<a name="190062361"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190062361" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190062361">(Mar 09 2020 at 12:14)</a>:</h4>
<p>There will be compiler fences after every complete interaction with the buffer to prevent it from getting too postponed</p>



<a name="190112340"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190112340" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190112340">(Mar 09 2020 at 20:10)</a>:</h4>
<p>So, rust writes to the buffer without reading it  and the DMA unit copies the buffer to some other place periodically?</p>



<a name="190112600"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190112600" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190112600">(Mar 09 2020 at 20:13)</a>:</h4>
<p>Yes, and the rust code changes the buffer in-between the DMA readings</p>



<a name="190112654"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190112654" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190112654">(Mar 09 2020 at 20:13)</a>:</h4>
<p>with compiler fencing that sounds fine</p>



<a name="190112898"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190112898" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190112898">(Mar 09 2020 at 20:15)</a>:</h4>
<p>Honestly the volatile part probably doesn't really hurt anyway</p>



<a name="190112906"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190112906" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190112906">(Mar 09 2020 at 20:15)</a>:</h4>
<p>Yeah, I also think that, wasn't sure that if rust code keeps writing to it somewhere it would disregard the pointer as escaped and start optimizing out the writes</p>



<a name="190113169"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190113169" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190113169">(Mar 09 2020 at 20:16)</a>:</h4>
<p>I think the volatile could have a bad effect depending of the amount of data and processing that occurs while filling the buffer</p>



<a name="190113187"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190113187" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190113187">(Mar 09 2020 at 20:16)</a>:</h4>
<p>But that would have to be measured</p>



<a name="190137508"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190137508" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190137508">(Mar 10 2020 at 02:32)</a>:</h4>
<p>if you only ever write to the buffer, unless you're writing the same spot more than once, every byte gets written once volatile or not</p>



<a name="190138662"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190138662" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190138662">(Mar 10 2020 at 03:02)</a>:</h4>
<p>There will be multiple writes to the same byte on the buffer, it would work like that:</p>
<ul>
<li>First write to the buffer.</li>
<li>setup stage -&gt; Pointer escape &amp; compiler fence.</li>
</ul>
<p>1:</p>
<ul>
<li>DMA gets finished.</li>
<li>Write new data to the whole buffer and compile fence and start DMA</li>
<li>Jump 1</li>
</ul>



<a name="190138731"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190138731" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190138731">(Mar 10 2020 at 03:04)</a>:</h4>
<p>What I'm not sure is that if writes on looping 1 won't get optmized out</p>



<a name="190138775"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190138775" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190138775">(Mar 10 2020 at 03:04)</a>:</h4>
<p>Maybe the best solution would be to escape the pointer once every loop</p>



<a name="190138779"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190138779" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190138779">(Mar 10 2020 at 03:04)</a>:</h4>
<p>Optimizing compilers are hard</p>



<a name="190140207"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140207" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140207">(Mar 10 2020 at 03:44)</a>:</h4>
<p>Sorry, I'm speaking specifically about the time between DMA uses.</p>
<p>Each byte of the buffer is written at most once, and then you do a fence/DMA cycle, then each byte is written at most once again on the next loop, then a fence/DMA cycle, etc.</p>
<p>If that is the case, then using volatile or not makes no difference.</p>



<a name="190140475"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140475" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140475">(Mar 10 2020 at 03:52)</a>:</h4>
<p>That is the case, but the DMA cycle doesn't write the pointer to the buffer to a register anymore, since it isn't required for the peripheral, since it already has the address from the first setup</p>



<a name="190140556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140556">(Mar 10 2020 at 03:55)</a>:</h4>
<p>Sure, that's not really related though.</p>
<p>The issue with using volatile vs non-volatile for the actual buffer filling steps is that volatile must do exactly the count of reads and writes written, and normal reads/writes can elide repeated reads or skip early writes if there's no read before the next write. In other words, normal access can turn two writes into one write by skipping the first write. However, if there is already exactly one write per byte into the buffer, the compiler cannot reduce that any further. Thus, both normal access and volatile access would have exactly 1 write per byte into the buffer. So volatile would have no speed difference.</p>



<a name="190140655"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140655" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140655">(Mar 10 2020 at 03:58)</a>:</h4>
<p>Oh, ok, now I understand, you were talking about the performance hit not about the problem with omitted writes</p>



<a name="190140661"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140661" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140661">(Mar 10 2020 at 03:58)</a>:</h4>
<p>Yes, right</p>



<a name="190140675"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140675" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140675">(Mar 10 2020 at 03:59)</a>:</h4>
<p>Yes, putting that way it looks like it's much better to not really depend on compiler behavior and use volatile writes</p>



<a name="190140680"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140680" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140680">(Mar 10 2020 at 03:59)</a>:</h4>
<p>Yes, since it can't hurt, just be volatile</p>



<a name="190140754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140754">(Mar 10 2020 at 04:01)</a>:</h4>
<p>The bad thing would be if that was a lib that hides the implementation and just passes the buffer to the user for the filling etc</p>



<a name="190140797"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140797" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140797">(Mar 10 2020 at 04:02)</a>:</h4>
<p>I mean, not necessarily bad, but cumbersome</p>



<a name="190140864"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190140864" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190140864">(Mar 10 2020 at 04:04)</a>:</h4>
<p>In that case, I'd possibly just eat the cost of a few cycles and just re-assign the pointer to the buffer to the DMA unit</p>



<a name="190141111"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190141111" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190141111">(Mar 10 2020 at 04:13)</a>:</h4>
<p>In fact I think you'd have to because in calling the closure with a <code>&amp;mut [MyType]</code> arg I'm pretty sure you'd invalidate the existing pointer under the stacked borrow rules (?)</p>



<a name="190141280"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190141280" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190141280">(Mar 10 2020 at 04:18)</a>:</h4>
<p>Hmm, I didn't quite follow, what closure ? A user API ?</p>



<a name="190142937"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190142937" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190142937">(Mar 10 2020 at 05:14)</a>:</h4>
<p>Yeah, I guess it depends on what sort of API you have. I was thinking something like</p>
<div class="codehilite"><pre><span></span><span class="k">pub</span><span class="w"> </span><span class="k">fn</span> <span class="nf">use_dma_to_move_buffers</span><span class="o">&lt;</span><span class="n">F</span>: <span class="nb">FnMut</span><span class="p">(</span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="p">[</span><span class="kt">u8</span><span class="p">])</span><span class="o">&gt;</span><span class="p">(</span><span class="n">dma</span>: <span class="nc">DMAUnit</span><span class="p">,</span><span class="w"> </span><span class="kt">usize</span>: <span class="nc">count</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="nb">Result</span><span class="o">&lt;</span><span class="p">(),</span><span class="w"> </span><span class="p">()</span><span class="o">&gt;</span><span class="p">{</span><span class="w"> </span><span class="p">...</span><span class="w"> </span><span class="p">}</span><span class="w"></span>
</pre></div>


<p>Or something where you're prepping a buffer in the lib, then user code fills the buffer, then you send off the buffer. In that case, calling the user code would start moving around a unique reference to the buffer, which would (if I remember my stacked borrows properly) invalidate the pointer that you had to the buffer. And once the pointer is invalidated... does it count as escaped any more? I dunno. Like, I really don't. We'd need some real LLVM wizards to tell us that one.</p>
<p>But you could probably make _some sort_ of good API that's using DMA, depending on your exact needs. I think that it's probably device specific enough that I wouldn't expect the embedded-wg to be able to have a super suitable abstraction in the embedded-hal crate, for example. Probably it'd be simper to write up a page of suggested guidelines and then each specific device's crate can have functions for doing DMA on that device.</p>



<a name="190143260"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190143260" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190143260">(Mar 10 2020 at 05:25)</a>:</h4>
<p>Yes, now I understand, we cast the pointer to an u32 to write to register, but I guess that even that way it still applies</p>



<a name="190154397"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190154397" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190154397">(Mar 10 2020 at 09:26)</a>:</h4>
<p><span class="user-mention silent" data-user-id="267734">Thales Fragoso</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/190112906" title="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/190112906">said</a>:</p>
<blockquote>
<p>Yeah, I also think that, wasn't sure that if rust code keeps writing to it somewhere it would disregard the pointer as escaped and start optimizing out the writes</p>
</blockquote>
<p>so as mentioned elsewhere, "escaped pointer" is not a thing in the Rust spec and thus not terribly useful if you are asking "what does the compiler have to do per spec".<br>
but if you are asking exclusively about how <em>current</em> Rust <em>happens to</em> think about it, then -- a pointer, once escaped, can never "unescape" as long as it remains a raw pointer. (creating a mutable reference is a promise to the compiler that the reference is unique and all potentially escaped aliases will not be used again, so you cannot use references.)</p>



<a name="190154547"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190154547" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190154547">(Mar 10 2020 at 09:29)</a>:</h4>
<p>as far as the spec is concerned, I think of the DMA device as something akin to another thread, and once that thread has access to your memory it can just keep accessing it. and since DMA "pesudo-threads" through some magic (that I dont understand but well^^) dont need "real fences" (just compiler fences), the fences you have should be enough synchronization to enable proper communication.</p>



<a name="190197544"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190197544" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190197544">(Mar 10 2020 at 17:01)</a>:</h4>
<p>It becomes very target specific because DMA on some devices halts the CPU while it works (similar to an interrupt), and with other devices the DMA is running along side the CPU (similar to a multi-core situation). So "pseudo-threads" is probably the best general abstraction.</p>



<a name="190198782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190198782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190198782">(Mar 10 2020 at 17:10)</a>:</h4>
<blockquote>
<p>with other devices the DMA is running along side the CPU (similar to a multi-core situation)</p>
</blockquote>
<p>but somehow still in a way that compiler fences are enough, no real fences are needed?</p>



<a name="190198803"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190198803" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190198803">(Mar 10 2020 at 17:11)</a>:</h4>
<p>that is the part that makes little sense to me</p>



<a name="190199946"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190199946" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190199946">(Mar 10 2020 at 17:21)</a>:</h4>
<p>I would say that in a lot of cases you need the memory fence, but that isn't the case for most cortex-m processors</p>



<a name="190199973"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190199973" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190199973">(Mar 10 2020 at 17:22)</a>:</h4>
<blockquote>
<p>Omitting the DMB or DSB instruction in the examples in Figure 41 on page 47 and Figure 42 would not cause any error because the Cortex-M processors:</p>
<p>do not re-order memory transfers</p>
<p>do not permit two write transfers to be overlapped.</p>
</blockquote>



<a name="190200156"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190200156" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thales Fragoso <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190200156">(Mar 10 2020 at 17:23)</a>:</h4>
<blockquote>
<p>The use of DMB is rarely needed in Cortex-M processors because they do not reorder memory transactions. However, it is needed if the software is to be reused on other ARM processors, especially multi-master systems. </p>
</blockquote>



<a name="190201005"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190201005" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190201005">(Mar 10 2020 at 17:29)</a>:</h4>
<p><span class="user-mention silent" data-user-id="267734">Thales Fragoso</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/190199946" title="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA/near/190199946">said</a>:</p>
<blockquote>
<p>I would say that in a lot of cases you need the memory fence, but that isn't the case for most cortex-m processors</p>
</blockquote>
<p>ah, fair. so these pseudo-threads have some target-specific rules for whether synchronizing with them requires a hardware fence or just a compiler fence. makes sense.</p>



<a name="190201377"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit%20data%20and%20DMA/near/190201377" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Uninit.20data.20and.20DMA.html#190201377">(Mar 10 2020 at 17:32)</a>:</h4>
<p>when dma runs along side cpu there usually is external fencing i think. for example, when using vulkan to move data to the gpu memory there are fences involved.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>